Obtaining Bucket Encryption Configuration
Functions
If bucket encryption is configured, you can call this API to obtain the bucket encryption configuration. For more information about bucket encryption configuration, see Server-Side Encryption.
OBS uses the GET method to obtain the encryption configuration of a specified bucket.
Authorization Information
To call this API, you must be the bucket owner or have the permission to obtain the encryption configuration of a bucket. You are advised to use IAM or bucket policies for authorization. For details about OBS authorization methods, see Differences Between OBS Permissions Control Methods.
- If you use IAM for authorization, you need to use either role/policy-based authorization or identity policy-based authorization and configure the required permissions:
- If you use role/policy-based authorization (IAM v3 APIs in the old IAM version), you need to grant the obs:bucket:GetEncryptionConfiguration permission. For details, see Creating a Custom IAM Policy.
- If you use identity policy-based authorization (IAM v5 APIs in the new IAM version), you need to grant the obs:bucket:getEncryptionConfiguration permission, as shown in the following table. For details, see Creating a Custom IAM Identity Policy.
Action
Access Level
Resource Type (*: Required)
Dependencies
obs:bucket:getEncryptionConfiguration
Read
bucket *
-
-
-
- obs:EpochTime
- obs:SourceIp
- obs:TlsVersion
- obs:CustomDomain
- If you use bucket policies for authorization, you need to grant the obs:bucket:GetEncryptionConfiguration permission. For details, see Creating a Custom Bucket Policy.
Request Syntax
1 2 3 4 5 6 | GET /?encryption HTTP/1.1 User-Agent: curl/7.29.0 Host: bucketname.obs.region.myhuaweicloud.com Accept: */* Date: date Authorization: authorization string |
URI Parameters
This request contains no message parameters.
Request Headers
This request uses common headers. For details, see Table 3.
Request Body
This request contains no request body parameters.
Response Syntax
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 | HTTP/1.1 status_code x-obs-request-id: request id x-obs-id-2: id Content-Type: application/xml Content-Length: length Date: date <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <ServerSideEncryptionConfiguration xmlns="http://obs.region.myhuaweicloud.com/doc/2015-06-30/"> <Rule> <ApplyServerSideEncryptionByDefault> <SSEAlgorithm>kms</SSEAlgorithm> <KMSMasterKeyID>kmskeyid-value</KMSMasterKeyID> <ProjectID>projectid</ProjectID> </ApplyServerSideEncryptionByDefault> <BucketKeyEnabled>true</BucketKeyEnabled> </Rule> </ServerSideEncryptionConfiguration> |
Response Headers
This response uses common headers. For details, see Table 1.
Response Body
This response contains the following elements to detail bucket encryption configuration:
| Parameter | Type | Description |
|---|---|---|
| ServerSideEncryptionConfiguration | Container | Definition Root element of the default bucket encryption configuration. ServerSideEncryptionConfiguration is the parent node of Rule. Range N/A |
| Rule | Container | Definition Child element of the default bucket encryption configuration. Rule is the parent node of ApplyServerSideEncryptionByDefault. Range For details, see Rule parameters. |
| Parameter | Type | Description |
|---|---|---|
| ApplyServerSideEncryptionByDefault | Container | Definition The child element of the default bucket encryption configuration. Range For details, see Table 3. |
| Parameter | Type | Description |
|---|---|---|
| SSEAlgorithm | String | Definition Server-side encryption algorithm used for the default encryption configuration of a bucket. Range
|
| KMSMasterKeyID | String | Definition KMS master key ID used in SSE-KMS encryption. Range
In the preceding formats:
|
| ProjectID | String | Definition ID of the project where the KMS master key belongs when SSE-KMS is used. Range Project ID that matches KMSMasterKeyID, that is, the ID of the project to which the master key with the specified KMSMasterKeyID belongs |
Error Responses
In addition to common error codes, this API returns others. The following table lists common errors and possible causes. For details, see Table 4.
Sample Request
1 2 3 4 5 6 | GET /?encryption HTTP/1.1 User-Agent: curl/7.29.0 Host: examplebucket.obs.region.myhuaweicloud.com Accept: */* Date: Thu, 21 Feb 2019 03:05:34 GMT Authorization: OBS H4IPJX0TQTHTHEBQQCEC:DpSAlmLX/BTdjxU5HOEwflhM0WI= |
Sample Response
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 | HTTP/1.1 200 OK Server: OBS x-obs-request-id: BF26000001643670AC06E7B9A7767921 x-obs-id-2: 32AAAQAAEAABSAAgAAEAABAAAQAAEAABCSvK6z8HV6nrJh49gsB5vqzpgtohkiFm Date: Thu, 21 Feb 2019 03:05:34 GMT Content-Length: 788 <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <ServerSideEncryptionConfiguration xmlns="http://obs.region.myhuaweicloud.com/doc/2015-06-30/"> <Rule> <ApplyServerSideEncryptionByDefault> <SSEAlgorithm>kms</SSEAlgorithm> <KMSMasterKeyID>4f1cd4de-ab64-4807-920a-47fc42e7f0d0</KMSMasterKeyID> </ApplyServerSideEncryptionByDefault> <BucketKeyEnabled>true</BucketKeyEnabled> </Rule> </ServerSideEncryptionConfiguration> |
References
- For more information about server-side encryption, see Server-Side Encryption.
- For details about the billing items involved in API operations, see Billing Items.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
